On Sat, Mar 10, 2012 at 3:23 AM, Phil Mayers <p.may...@imperial.ac.uk> wrote:
> On Fri, Mar 09, 2012 at 10:59:46AM -0500, u...@3.am wrote:

>> authenticate {
>>
>>        #Auth-Type LDAP {
>>        redundant LDAP{
>>                ldap1
>>                ldap2
>>
>>        }


> Using "ldap" in the authenticate section is a bit tricky, and you'd be wise
> to avoid it if you can - if the LDAP server will "give" you the password
> (plaintext or crypted) you're better off doing that in "authorize" and
> letting FreeRADIUS perform the auth using rlm_pap or whatever.

Yes.

So to save lots of time and configuration problems: does your LDAP
store user passwords in clear text or any "common" hash (e.g. md5,
unix)? If yes, AND you know what the LDAP attribute is, you don't even
need an LDAP section in authenticate.

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
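
The layout suggested in this thread, as an added example that is not part of the original messages: LDAP is consulted only in `authorize`, with failover between the two instances, and rlm_pap does the password comparison. It assumes FreeRADIUS 2.x syntax, rlm_ldap instances named `ldap1` and `ldap2` as in the quoted config, and `userPassword` as a placeholder for whatever attribute your directory stores the password in.

```conf
# Added example (not from the thread). Assumes FreeRADIUS 2.x and two
# rlm_ldap instances, ldap1 and ldap2, defined in the modules section.
# Assumed settings inside each instance:
#
#   ldap ldap1 {
#           ...
#           password_attribute = userPassword   # placeholder attribute name
#           set_auth_type = no                  # do not force Auth-Type := LDAP
#   }

authorize {
        preprocess

        # Look the user up and fetch the stored password.
        # ldap2 is only tried if ldap1 fails.
        redundant {
                ldap1
                ldap2
        }

        # Sets Auth-Type := PAP when a known-good password
        # was found for the user and no Auth-Type is set yet.
        pap
}

authenticate {
        # No LDAP bind here: rlm_pap compares the password in the
        # request against the one retrieved during authorize.
        Auth-Type PAP {
                pap
        }
}
```

With hashed passwords in the directory this only works for requests that carry the password in PAP form; CHAP and MS-CHAP need the clear-text password or an NT hash.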
